PULSE NAME
Threat Tracking: Analysis of Lilith RAT ported to AutoIt Script
In April 2024, S2W's Threat Research and Intelligence Center TALON analyzed a malicious LNK file disguised as a list of tax evasion explanatory documents. The LNK file executed a PowerShell command that downloaded and ran an AutoIt script-based Lilith RAT from an attacker's server; the RAT establishes a reverse shell on the infected system. Similarities between this campaign and the KONNI group's tactics, such as command obfuscation and the use of AutoIt-ported malware, suggest the threat actor behind this attack could be linked to KONNI.
Indicators of Compromise (13 / 46 total)